SSH Host Keys:

Fixing your SSH known_hosts file

When you make SSH connections, your known_hosts file will need a
hostkey for each shell machine you log into. This file
(".ssh/known_hosts") can be found in your home directory (if on a UNIX
machine, including a Mac running OS X) or in the directory specified
by your SSH client (on a Windows machine; NB: some Windows SSH
clients, such as PuTTY, might store hostkey information in the registry, rather than a
file, and it might not be easily hand-edited).

The Panix ssh host addresses are as follows:

shell.panix.com, which is a load-balancing alias for the following
three hosts:

panix1.panix.com

panix2.panix.com

panix3.panix.com

panix5.panix.com

Without the hostkeys pre-configured in known_hosts, you'll see a
warning notice the first time you connect to a specific
userhost. The warning will look something like this:

The authenticity of host '[hostname] ([IP address])' can't be
established.
RSA key fingerprint is [key fingerprint].
Are you sure you want to continue connecting (yes/no)?

If you use "shell.panix.com" (or just "panix.com") as the address, you'll see a warning
similar to this, if you're connected to a different underlying host
from a previous one:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The DSA host key for panix.com has changed,
and the key for the corresponding IP address 166.84.1.2
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in [known_hosts]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
c3:66:bb:40:52:99:67:5d:af:21:a6:0c:f6:4b:ce:b3.
Please contact your system administrator.
Add correct host key in [known_hosts] to
get
rid of this message.
Offending key in [known_hosts]
DSA host key for panix.com has changed and you have requested strict
checking.
Host key verification failed.

In both cases, accepting the key will add it to known_hosts and
prevent further warnings. We advise not blindly accepting keys, and
confirming the fingerprints with those we maintain
on our
secure server.

Out public SSH keys are available on our secure server.
You can right-click the links (or control-click
if you use a Mac) and save the key files as is, or use the
"Save As" option if you prefer.

Save the files as they are: DO NOT copy and paste the keys!
Copy/paste operations tend to add newline characters to the keys,
which makes them unusable. Use "File:Save As" or the equivalent instead.

You can also make a copy of the
fingerprints
for comparison should you need to verify a connection from a new machine.